<?php
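session_start();
include "library.php";

// Access control for this admin-only page.
// Every redirect below is followed by exit: header() only sends a response
// header and does not end the script, so without exit the rest of the page
// (including the POST handler that writes to Preapproved) would still run
// for any client that simply ignores the redirect.

// If the user has not logged in, redirect to the log in page
if(!isset($_SESSION["username"])){
	header("Location:login.php");
	exit;
}

// If the user presses the log out button, clear the session and redirect
if(isset($_POST["logout"])){
	session_unset();
	session_destroy();
	header("Location:home.php");
	exit;
}

// If the user is NOT an administrator (position 1), redirect.
// A session with no position set is treated as non-admin.
if(!isset($_SESSION["position"]) || $_SESSION["position"] != 1){
	header("Location:members.php");
	exit;
}

// Print header
print_header($_SESSION["position"], 5);

// NOTE(review): connection parameters are hard-coded in this web-served file,
// and the third argument looks like an empty password; confirm against
// connectSQLServer() in library.php and consider loading them from
// configuration kept outside the web root.
// NOTE(review): the mysql_* extension was removed in PHP 7; moving to mysqli
// or PDO with prepared statements needs a matching change in library.php.
$pwdb = connectSQLServer("wendlc_teamsci","sdd","");
mysql_select_db("wendlc_TeamSci");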
?>

<form method = "post">
<BR><h1>Enter email address to preapprove</h1><BR><BR>
Email: <input type = "text" name = "email" value = "" maxlength = "200" /><br /><br />
<INPUT TYPE = "radio" NAME = "Perm" CHECKED VALUE = "1">Researcher<BR>
<INPUT TYPE = "radio" NAME = "Perm" VALUE = "2">Lead Researcher<BR><BR>
<input type = "submit" name = "Add" value = "Preapprove"/>
<?php

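// Handle the preapproval form: insert the submitted email into Preapproved
// with the position that matches the selected radio button.
//
// NOTE(review): this state-changing POST carries no anti-CSRF token; adding
// one needs a matching hidden field in the form and a session-stored value.

// Authorisation is re-checked here so the database write does not depend
// solely on the redirects at the top of the page having stopped execution.
$isAdmin = isset($_SESSION["position"]) && $_SESSION["position"] == 1;

// Read the fields defensively: they may be missing, or arrive as arrays
// (e.g. email[]=x), which the string functions below do not accept.
$email = (isset($_POST["email"]) && is_string($_POST["email"])) ? trim($_POST["email"]) : "";
$perm  = (isset($_POST["Perm"]) && is_string($_POST["Perm"])) ? $_POST["Perm"] : "";

// Radio value => stored Pos. Only these two values are accepted; previously
// any value other than 1 (including a missing one) fell through to the
// Lead Researcher branch, i.e. the more privileged position.
$positions = array("1" => 3, "2" => 2);

if($isAdmin && isset($_POST["Add"]) && $email != ""){

  $validEmail = strlen($email) <= 200 && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;

  if($validEmail && isset($positions[$perm])){
    // The htmlspecialchars/stripslashes chain is kept so the stored value has
    // the same form as rows written before this change; the escaping that
    // matters for the SQL string is mysql_real_escape_string. Pos is an
    // integer taken from the allow-list above, never from the request.
    $query = sprintf("INSERT INTO Preapproved (Email, Pos) VALUES ('%s', %d)",
	mysql_real_escape_string(stripslashes(htmlspecialchars($email)), $pwdb),
	$positions[$perm]);
    $r = dbquery($query);
  } else {
    print "<p>Please enter a valid email address and choose a permission level.</p>";
  }
}
print_footer();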
?>
